Vulnerabilities > CVE-2008-2315 - Integer Overflow or Wraparound vulnerability in Python

CVSS 0.0 - NONE

Attack vector

UNKNOWN

Attack complexity

UNKNOWN

Privileges required

UNKNOWN

Confidentiality impact

UNKNOWN

Integrity impact

UNKNOWN

Availability impact

UNKNOWN

python

CWE-190

nessus

NVD

Published: 2008-08-01

Updated: 2023-08-02

Summary

Multiple integer overflows in Python 2.5.2 and earlier allow context-dependent attackers to have an unknown impact via vectors related to the (1) stringobject, (2) unicodeobject, (3) bufferobject, (4) longobject, (5) tupleobject, (6) stropmodule, (7) gcmodule, and (8) mmapmodule modules. NOTE: The expandtabs integer overflows in stringobject and unicodeobject in 2.5.2 are covered by CVE-2008-5031.

Vulnerable Configurations

Part	Description	Count
Application	Python Python Python - Python Python 0.9.0 Python Python 0.9.1 Python Python 0.9.8 Python Python 0.9.9 Python Python 1.0.1 Python Python 1.0.2 Python Python 1.1 Python Python 1.1.1 Python Python 1.2 Python Python 1.3 Python Python 1.4 Python Python 1.5 Python Python 1.5.1 Python Python 1.5.2 Python Python 1.6 Python Python 1.6.1 Python Python 2.0 Python Python 2.0.1 Python Python 2.1 Python Python 2.1.1 Python Python 2.1.2 Python Python 2.1.3 Python Python 2.2 Python Python 2.2.0 Python Python 2.2.1 Python Python 2.2.2 Python Python 2.2.3 Python Python 2.3 Python Python 2.3.0 Python Python 2.3.1 Python Python 2.3.2 Python Python 2.3.3 Python Python 2.3.4 Python Python 2.3.5 Python Python 2.3.6 Python Python 2.3.7 Python Python 2.4 Python Python 2.4.0 Python Python 2.4.1 Python Python 2.4.2 Python Python 2.4.3 Python Python 2.4.4 Python Python 2.4.5 Python Python 2.4.6 Python Python 2.5 Python Python 2.5.0 Python Python 2.5.1 Python Python 2.5.2	49

Common Weakness Enumeration (CWE)

CWE-190 - Integer Overflow or Wraparound

Common Attack Pattern Enumeration and Classification (CAPEC)

Forced Integer Overflow
This attack forces an integer variable to go out of range. The integer variable is often used as an offset such as size of memory allocation or similarly. The attacker would typically control the value of such variable and try to get it out of range. For instance the integer in question is incremented past the maximum possible value, it may wrap to become a very small, or negative number, therefore providing a very incorrect value which can lead to unexpected behavior. At worst the attacker can execute arbitrary code.

Nessus

NASL family	Ubuntu Local Security Checks
NASL id	UBUNTU_USN-806-1.NASL
description	It was discovered that Python incorrectly handled certain arguments in the imageop module. If an attacker were able to pass specially crafted arguments through the crop function, they could execute arbitrary code with user privileges. For Python 2.5, this issue only affected Ubuntu 8.04 LTS. (CVE-2008-4864) Multiple integer overflows were discovered in Python
last seen	2020-06-01
modified	2020-06-02
plugin id	40361
published	2009-07-24
reporter	Ubuntu Security Notice (C) 2009-2019 Canonical, Inc. / NASL script (C) 2009-2018 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/40361
title	Ubuntu 6.06 LTS / 8.04 LTS / 8.10 : python2.4, python2.5 vulnerabilities (USN-806-1)

NASL family	SuSE Local Security Checks
NASL id	SUSE9_12215.NASL
description	This update of python fixes several security vulnerabilities. (CVE-2008-1679 / CVE-2008-1887, CVE-2008-3143, CVE-2008-3142, CVE-2008-3144, CVE-2008-2315, CVE-2008-2316) Note: for SLE10 a non-security bug in mmap was fixed too.
last seen	2020-06-01
modified	2020-06-02
plugin id	41229
published	2009-09-24
reporter	This script is Copyright (C) 2009-2019 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/41229
title	SuSE9 Security Update : Python (YOU Patch Number 12215)

NASL family	Red Hat Local Security Checks
NASL id	REDHAT-RHSA-2009-1176.NASL
description	Updated python packages that fix multiple security issues are now available for Red Hat Enterprise Linux 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. Python is an interpreted, interactive, object-oriented programming language. When the assert() system call was disabled, an input sanitization flaw was revealed in the Python string object implementation that led to a buffer overflow. The missing check for negative size values meant the Python memory allocator could allocate less memory than expected. This could result in arbitrary code execution with the Python interpreter
last seen	2020-06-01
modified	2020-06-02
plugin id	40400
published	2009-07-28
reporter	This script is Copyright (C) 2009-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/40400
title	RHEL 5 : python (RHSA-2009:1176)

NASL family	Red Hat Local Security Checks
NASL id	REDHAT-RHSA-2009-1178.NASL
description	Updated python packages that fix multiple security issues are now available for Red Hat Enterprise Linux 3. This update has been rated as having moderate security impact by the Red Hat Security Response Team. Python is an interpreted, interactive, object-oriented programming language. When the assert() system call was disabled, an input sanitization flaw was revealed in the Python string object implementation that led to a buffer overflow. The missing check for negative size values meant the Python memory allocator could allocate less memory than expected. This could result in arbitrary code execution with the Python interpreter
last seen	2020-06-01
modified	2020-06-02
plugin id	40402
published	2009-07-28
reporter	This script is Copyright (C) 2009-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/40402
title	RHEL 3 : python (RHSA-2009:1178)

NASL family	CentOS Local Security Checks
NASL id	CENTOS_RHSA-2009-1178.NASL
description	Updated python packages that fix multiple security issues are now available for Red Hat Enterprise Linux 3. This update has been rated as having moderate security impact by the Red Hat Security Response Team. Python is an interpreted, interactive, object-oriented programming language. When the assert() system call was disabled, an input sanitization flaw was revealed in the Python string object implementation that led to a buffer overflow. The missing check for negative size values meant the Python memory allocator could allocate less memory than expected. This could result in arbitrary code execution with the Python interpreter
last seen	2020-06-01
modified	2020-06-02
plugin id	40394
published	2009-07-28
reporter	This script is Copyright (C) 2009-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/40394
title	CentOS 3 : python (CESA-2009:1178)

NASL family	MacOS X Local Security Checks
NASL id	MACOSX_SECUPD2009-001.NASL
description	The remote host is running a version of Mac OS X 10.5 or 10.4 that does not have Security Update 2009-001 applied. This security update contains fixes for the following products : - AFP Server - Apple Pixlet Video - CarbonCore - CFNetwork - Certificate Assistant - ClamAV - CoreText - CUPS - DS Tools - fetchmail - Folder Manager - FSEvents - Network Time - perl - Printing - python - Remote Apple Events - Safari RSS - servermgrd - SMB - SquirrelMail - X11 - XTerm
last seen	2020-06-01
modified	2020-06-02
plugin id	35684
published	2009-02-13
reporter	This script is Copyright (C) 2009-2018 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/35684
title	Mac OS X Multiple Vulnerabilities (Security Update 2009-001)

NASL family	CentOS Local Security Checks
NASL id	CENTOS_RHSA-2009-1176.NASL
description	Updated python packages that fix multiple security issues are now available for Red Hat Enterprise Linux 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. Python is an interpreted, interactive, object-oriented programming language. When the assert() system call was disabled, an input sanitization flaw was revealed in the Python string object implementation that led to a buffer overflow. The missing check for negative size values meant the Python memory allocator could allocate less memory than expected. This could result in arbitrary code execution with the Python interpreter
last seen	2020-06-01
modified	2020-06-02
plugin id	43771
published	2010-01-06
reporter	This script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/43771
title	CentOS 5 : python (CESA-2009:1176)

NASL family	Slackware Local Security Checks
NASL id	SLACKWARE_SSA_2008-217-01.NASL
description	New python packages are available for Slackware 10.1, 10.2, 11.0, 12.0, 12.1, and -current to fix security issues.
last seen	2020-06-01
modified	2020-06-02
plugin id	33824
published	2008-08-05
reporter	This script is Copyright (C) 2008-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/33824
title	Slackware 10.1 / 10.2 / 11.0 / 12.0 / 12.1 / current : python (SSA:2008-217-01)

NASL family	Scientific Linux Local Security Checks
NASL id	SL_20090728_PYTHON_FOR_SL_3_0_X.NASL
description	When the assert() system call was disabled, an input sanitization flaw was revealed in the Python string object implementation that led to a buffer overflow. The missing check for negative size values meant the Python memory allocator could allocate less memory than expected. This could result in arbitrary code execution with the Python interpreter
last seen	2020-06-01
modified	2020-06-02
plugin id	60624
published	2012-08-01
reporter	This script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/60624
title	Scientific Linux Security Update : python for SL 3.0.x on i386/x86_64

NASL family	Mandriva Local Security Checks
NASL id	MANDRIVA_MDVSA-2009-003.NASL
description	Multiple integer overflows in imageop.c in the imageop module in Python 1.5.2 through 2.5.1 allow context-dependent attackers to break out of the Python VM and execute arbitrary code via large integer values in certain arguments to the crop function, leading to a buffer overflow, a different vulnerability than CVE-2007-4965 and CVE-2008-1679. (CVE-2008-4864) Multiple integer overflows in Python 2.2.3 through 2.5.1, and 2.6, allow context-dependent attackers to have an unknown impact via a large integer value in the tabsize argument to the expandtabs method, as implemented by (1) the string_expandtabs function in Objects/stringobject.c and (2) the unicode_expandtabs function in Objects/unicodeobject.c. NOTE: this vulnerability reportedly exists because of an incomplete fix for CVE-2008-2315. (CVE-2008-5031) The updated Python packages have been patched to correct these issues.
last seen	2020-06-01
modified	2020-06-02
plugin id	36693
published	2009-04-23
reporter	This script is Copyright (C) 2009-2019 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/36693
title	Mandriva Linux Security Advisory : python (MDVSA-2009:003)

NASL family	Oracle Linux Local Security Checks
NASL id	ORACLELINUX_ELSA-2009-1176.NASL
description	From Red Hat Security Advisory 2009:1176 : Updated python packages that fix multiple security issues are now available for Red Hat Enterprise Linux 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. Python is an interpreted, interactive, object-oriented programming language. When the assert() system call was disabled, an input sanitization flaw was revealed in the Python string object implementation that led to a buffer overflow. The missing check for negative size values meant the Python memory allocator could allocate less memory than expected. This could result in arbitrary code execution with the Python interpreter
last seen	2020-06-01
modified	2020-06-02
plugin id	67896
published	2013-07-12
reporter	This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/67896
title	Oracle Linux 5 : python (ELSA-2009-1176)

NASL family	Gentoo Local Security Checks
NASL id	GENTOO_GLSA-200807-16.NASL
description	The remote host is affected by the vulnerability described in GLSA-200807-16 (Python: Multiple vulnerabilities) Multiple vulnerabilities were discovered in Python: David Remahl of Apple Product Security reported several integer overflows in core modules such as stringobject, unicodeobject, bufferobject, longobject, tupleobject, stropmodule, gcmodule, mmapmodule (CVE-2008-2315). David Remahl of Apple Product Security also reported an integer overflow in the hashlib module, leading to unreliable cryptographic digest results (CVE-2008-2316). Justin Ferguson reported multiple buffer overflows in unicode string processing that only affect 32bit systems (CVE-2008-3142). The Google Security Team reported multiple integer overflows (CVE-2008-3143). Justin Ferguson reported multiple integer underflows and overflows in the PyOS_vsnprintf() function, and an off-by-one error when passing zero-length strings, leading to memory corruption (CVE-2008-3144). Impact : A remote attacker could exploit these vulnerabilities in Python applications or daemons that pass user-controlled input to vulnerable functions. Exploitation might lead to the execution of arbitrary code or a Denial of Service. Vulnerabilities within the hashlib might lead to weakened cryptographic protection of data integrity or authenticity. Workaround : There is no known workaround at this time.
last seen	2020-06-01
modified	2020-06-02
plugin id	33782
published	2008-08-01
reporter	This script is Copyright (C) 2008-2019 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/33782
title	GLSA-200807-16 : Python: Multiple vulnerabilities

NASL family	Debian Local Security Checks
NASL id	DEBIAN_DSA-1667.NASL
description	Several vulnerabilities have been discovered in the interpreter for the Python language. The Common Vulnerabilities and Exposures project identifies the following problems : - CVE-2008-2315 David Remahl discovered several integer overflows in the stringobject, unicodeobject, bufferobject, longobject, tupleobject, stropmodule, gcmodule, and mmapmodule modules. - CVE-2008-3142 Justin Ferguson discovered that incorrect memory allocation in the unicode_resize() function can lead to buffer overflows. - CVE-2008-3143 Several integer overflows were discovered in various Python core modules. - CVE-2008-3144 Several integer overflows were discovered in the PyOS_vsnprintf() function.
last seen	2020-06-01
modified	2020-06-02
plugin id	34823
published	2008-11-21
reporter	This script is Copyright (C) 2008-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/34823
title	Debian DSA-1667-1 : python2.4 - several vulnerabilities

NASL family	Scientific Linux Local Security Checks
NASL id	SL_20090727_PYTHON_FOR_SL5_X.NASL
description	When the assert() system call was disabled, an input sanitization flaw was revealed in the Python string object implementation that led to a buffer overflow. The missing check for negative size values meant the Python memory allocator could allocate less memory than expected. This could result in arbitrary code execution with the Python interpreter
last seen	2020-06-01
modified	2020-06-02
plugin id	60622
published	2012-08-01
reporter	This script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/60622
title	Scientific Linux Security Update : python for SL5.x i386/x86_64

NASL family	SuSE Local Security Checks
NASL id	SUSE_11_0_PYTHON-080801.NASL
description	This update of python fixes several security vulnerabilities. (CVE-2008-1679,CVE-2008-1887, CVE-2008-3143, CVE-2008-3142, CVE-2008-3144, CVE-2008-2315, CVE-2008-2316)
last seen	2020-06-01
modified	2020-06-02
plugin id	40115
published	2009-07-21
reporter	This script is Copyright (C) 2009-2019 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/40115
title	openSUSE Security Update : python (python-128)

NASL family	SuSE Local Security Checks
NASL id	SUSE_PYTHON-5491.NASL
description	This update of python fixes several security vulnerabilities. (CVE-2008-1679,CVE-2008-1887, CVE-2008-3143, CVE-2008-3142, CVE-2008-3144, CVE-2008-2315, CVE-2008-2316)
last seen	2020-06-01
modified	2020-06-02
plugin id	33924
published	2008-08-17
reporter	This script is Copyright (C) 2008-2019 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/33924
title	openSUSE 10 Security Update : python (python-5491)

NASL family	SuSE Local Security Checks
NASL id	SUSE_SU-2020-0234-1.NASL
description	This update for python fixes the following issues : Updated to version 2.7.17 to unify packages among openSUSE:Factory and SLE versions (bsc#1159035). Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
last seen	2020-06-01
modified	2020-06-02
plugin id	133259
published	2020-01-27
reporter	This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/133259
title	SUSE SLED15 / SLES15 Security Update : python (SUSE-SU-2020:0234-1) (BEAST) (httpoxy)

NASL family	Scientific Linux Local Security Checks
NASL id	SL_20090728_PYTHON_FOR_SL_4_X.NASL
description	When the assert() system call was disabled, an input sanitization flaw was revealed in the Python string object implementation that led to a buffer overflow. The missing check for negative size values meant the Python memory allocator could allocate less memory than expected. This could result in arbitrary code execution with the Python interpreter
last seen	2020-06-01
modified	2020-06-02
plugin id	60625
published	2012-08-01
reporter	This script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/60625
title	Scientific Linux Security Update : python for SL 4.x on i386/x86_64

NASL family	Red Hat Local Security Checks
NASL id	REDHAT-RHSA-2009-1177.NASL
description	Updated python packages that fix multiple security issues are now available for Red Hat Enterprise Linux 4. This update has been rated as having moderate security impact by the Red Hat Security Response Team. Python is an interpreted, interactive, object-oriented programming language. When the assert() system call was disabled, an input sanitization flaw was revealed in the Python string object implementation that led to a buffer overflow. The missing check for negative size values meant the Python memory allocator could allocate less memory than expected. This could result in arbitrary code execution with the Python interpreter
last seen	2020-06-01
modified	2020-06-02
plugin id	40401
published	2009-07-28
reporter	This script is Copyright (C) 2009-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/40401
title	RHEL 4 : python (RHSA-2009:1177)

NASL family	VMware ESX Local Security Checks
NASL id	VMWARE_VMSA-2009-0016.NASL
description	a. JRE Security Update JRE update to version 1.5.0_20, which addresses multiple security issues that existed in earlier releases of JRE. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the following names to the security issues fixed in JRE 1.5.0_18: CVE-2009-1093, CVE-2009-1094, CVE-2009-1095, CVE-2009-1096, CVE-2009-1097, CVE-2009-1098, CVE-2009-1099, CVE-2009-1100, CVE-2009-1101, CVE-2009-1102, CVE-2009-1103, CVE-2009-1104, CVE-2009-1105, CVE-2009-1106, and CVE-2009-1107. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the following names to the security issues fixed in JRE 1.5.0_20: CVE-2009-2625, CVE-2009-2670, CVE-2009-2671, CVE-2009-2672, CVE-2009-2673, CVE-2009-2675, CVE-2009-2676, CVE-2009-2716, CVE-2009-2718, CVE-2009-2719, CVE-2009-2720, CVE-2009-2721, CVE-2009-2722, CVE-2009-2723, CVE-2009-2724. b. Update Apache Tomcat version Update for VirtualCenter and ESX patch update the Tomcat package to version 6.0.20 (vSphere 4.0) or version 5.5.28 (VirtualCenter 2.5) which addresses multiple security issues that existed in the previous version of Apache Tomcat. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the following names to the security issues fixed in Apache Tomcat 6.0.20 and Tomcat 5.5.28: CVE-2008-5515, CVE-2009-0033, CVE-2009-0580, CVE-2009-0781, CVE-2009-0783. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the following names to the security issues fixed in Apache Tomcat 6.0.18: CVE-2008-1232, CVE-2008-1947, CVE-2008-2370. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the following names to the security issues fixed in Apache Tomcat 6.0.16: CVE-2007-5333, CVE-2007-5342, CVE-2007-5461, CVE-2007-6286, CVE-2008-0002. c. Third-party library update for ntp. The Network Time Protocol (NTP) is used to synchronize a computer
last seen	2020-06-01
modified	2020-06-02
plugin id	42870
published	2009-11-23
reporter	This script is Copyright (C) 2009-2018 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/42870
title	VMSA-2009-0016 : VMware vCenter and ESX update release and vMA patch release address multiple security issues in third party components.

NASL family	SuSE Local Security Checks
NASL id	SUSE_PYTHON-5490.NASL
description	This update of python fixes several security vulnerabilities. (CVE-2008-1679 / CVE-2008-1887 / CVE-2008-3143 / CVE-2008-3142 / CVE-2008-3144 / CVE-2008-2315 / CVE-2008-2316) Note: for SLE10 a non-security bug in mmap was fixed too.
last seen	2020-06-01
modified	2020-06-02
plugin id	33923
published	2008-08-17
reporter	This script is Copyright (C) 2008-2019 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/33923
title	SuSE 10 Security Update : Python (ZYPP Patch Number 5490)

NASL family	Mandriva Local Security Checks
NASL id	MANDRIVA_MDVSA-2008-163.NASL
description	Multiple integer overflows in the imageop module in Python prior to 2.5.3 allowed context-dependent attackers to cause a denial of service (crash) or possibly execute arbitrary code via crafted images that trigger heap-based buffer overflows (CVE-2008-1679). This was due to an incomplete fix for CVE-2007-4965. David Remahl of Apple Product Security reported several integer overflows in a number of core modules (CVE-2008-2315). He also reported an integer overflow in the hashlib module on Python 2.5 that lead to unreliable cryptographic digest results (CVE-2008-2316). Justin Ferguson reported multiple buffer overflows in unicode string processing that affected 32bit systems (CVE-2008-3142). Multiple integer overflows were reported by the Google Security Team that had been fixed in Python 2.5.2 (CVE-2008-3143). Justin Ferguson reported a number of integer overflows and underflows in the PyOS_vsnprintf() function, as well as an off-by-one error when passing zero-length strings, that led to memory corruption (CVE-2008-3144). The updated packages have been patched to correct these issues. As well, Python packages on Mandriva Linux 2007.1 and 2008.0 have been updated to version 2.5.2. Due to slight packaging changes on Mandriva Linux 2007.1, a new package is available (tkinter-apps) that contains binary files (such as /usr/bin/idle) that were previously in the tkinter package.
last seen	2020-06-01
modified	2020-06-02
plugin id	37212
published	2009-04-23
reporter	This script is Copyright (C) 2009-2019 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/37212
title	Mandriva Linux Security Advisory : python (MDVSA-2008:163)

NASL family	Oracle Linux Local Security Checks
NASL id	ORACLELINUX_ELSA-2009-1177.NASL
description	From Red Hat Security Advisory 2009:1177 : Updated python packages that fix multiple security issues are now available for Red Hat Enterprise Linux 4. This update has been rated as having moderate security impact by the Red Hat Security Response Team. Python is an interpreted, interactive, object-oriented programming language. When the assert() system call was disabled, an input sanitization flaw was revealed in the Python string object implementation that led to a buffer overflow. The missing check for negative size values meant the Python memory allocator could allocate less memory than expected. This could result in arbitrary code execution with the Python interpreter
last seen	2020-06-01
modified	2020-06-02
plugin id	67897
published	2013-07-12
reporter	This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/67897
title	Oracle Linux 4 : python (ELSA-2009-1177)

NASL family	Oracle Linux Local Security Checks
NASL id	ORACLELINUX_ELSA-2009-1178.NASL
description	From Red Hat Security Advisory 2009:1178 : Updated python packages that fix multiple security issues are now available for Red Hat Enterprise Linux 3. This update has been rated as having moderate security impact by the Red Hat Security Response Team. Python is an interpreted, interactive, object-oriented programming language. When the assert() system call was disabled, an input sanitization flaw was revealed in the Python string object implementation that led to a buffer overflow. The missing check for negative size values meant the Python memory allocator could allocate less memory than expected. This could result in arbitrary code execution with the Python interpreter
last seen	2020-06-01
modified	2020-06-02
plugin id	67898
published	2013-07-12
reporter	This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/67898
title	Oracle Linux 3 : python (ELSA-2009-1178)

NASL family	Misc.
NASL id	VMWARE_VMSA-2009-0016_REMOTE.NASL
description	The remote VMware ESX / ESXi host is missing a security-related patch. It is, therefore, affected by multiple vulnerabilities, including remote code execution vulnerabilities, in the following components : - Apache Geronimo - Apache Tomcat - Apache Xerces2 - cURL/libcURL - ISC BIND - Libxml2 - Linux kernel - Linux kernel 64-bit - Linux kernel Common Internet File System - Linux kernel eCryptfs - NTP - Python - Java Runtime Environment (JRE) - Java SE Development Kit (JDK) - Java SE Abstract Window Toolkit (AWT) - Java SE Plugin - Java SE Provider - Java SE Swing - Java SE Web Start
last seen	2020-06-01
modified	2020-06-02
plugin id	89117
published	2016-03-03
reporter	This script is Copyright (C) 2016-2018 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/89117
title	VMware ESX / ESXi Multiple Vulnerabilities (VMSA-2009-0016) (remote check)

NASL family	FreeBSD Local Security Checks
NASL id	FREEBSD_PKG_0DCCAA287F3C11DD8DE50030843D3802.NASL
description	Secunia reports : Some vulnerabilities have been reported in Python, where some have unknown impact and others can potentially be exploited by malicious people to cause a DoS (Denial of Service) or to compromise a vulnerable system. Various integer overflow errors exist in core modules e.g. stringobject, unicodeobject, bufferobject, longobject, tupleobject, stropmodule, gcmodule, mmapmodule. An integer overflow in the hashlib module can lead to an unreliable cryptographic digest results. Integer overflow errors in the processing of unicode strings can be exploited to cause buffer overflows on 32-bit systems. An integer overflow exists in the PyOS_vsnprintf() function on architectures that do not have a
last seen	2020-06-01
modified	2020-06-02
plugin id	34164
published	2008-09-11
reporter	This script is Copyright (C) 2008-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/34164
title	FreeBSD : python -- multiple vulnerabilities (0dccaa28-7f3c-11dd-8de5-0030843d3802)

NASL family	Ubuntu Local Security Checks
NASL id	UBUNTU_USN-632-1.NASL
description	It was discovered that there were new integer overflows in the imageop module. If an attacker were able to trick a Python application into processing a specially crafted image, they could execute arbitrary code with user privileges. (CVE-2008-1679) Justin Ferguson discovered that the zlib module did not correctly handle certain archives. If an attacker were able to trick a Python application into processing a specially crafted archive file, they could execute arbitrary code with user privileges. (CVE-2008-1721) Justin Ferguson discovered that certain string manipulations in Python could be made to overflow. If an attacker were able to pass a specially crafted string through the PyString_FromStringAndSize function, they could execute arbitrary code with user privileges. (CVE-2008-1887) Multiple integer overflows were discovered in Python
last seen	2020-06-01
modified	2020-06-02
plugin id	33807
published	2008-08-04
reporter	Ubuntu Security Notice (C) 2008-2019 Canonical, Inc. / NASL script (C) 2018 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/33807
title	Ubuntu 6.06 LTS / 7.04 / 7.10 / 8.04 LTS : python2.4, python2.5 vulnerabilities (USN-632-1)

Oval

accepted

2010-03-01T04:00:26.143-05:00

class

vulnerability

contributors

name	Pai Peng
organization	Hewlett-Packard

definition_extensions

comment Solaris 10 (SPARC) is installed
oval oval:org.mitre.oval:def:1440
comment Solaris 10 (x86) is installed
oval oval:org.mitre.oval:def:1926

description

family

unix

oval:org.mitre.oval:def:8445

status

accepted

submitted

2010-01-19T17:52:34.000-05:00

title

Multiple Buffer and Integer Overflow Vulnerabilities in Python (python(1)) May Lead to a Denial of Service (DoS) or Allow Execution of Arbitrary Code

version

accepted

2014-01-20T04:01:41.604-05:00

class

vulnerability

contributors

name Pai Peng
organization Hewlett-Packard
name Chris Coffin
organization The MITRE Corporation

definition_extensions

comment VMWare ESX Server 3.0.3 is installed
oval oval:org.mitre.oval:def:6026
comment VMware ESX Server 3.5.0 is installed
oval oval:org.mitre.oval:def:5887
comment VMware ESX Server 4.0 is installed
oval oval:org.mitre.oval:def:6293

description

family

unix

oval:org.mitre.oval:def:8683

status

accepted

submitted

2010-03-19T16:57:59.000-04:00

title

VMware python multiple integer overflows vulnerability

version

accepted

2013-04-29T04:21:56.073-04:00

class

vulnerability

contributors

name Aharon Chernin
organization SCAP.com, LLC
name Dragos Prisaca
organization G2, Inc.

definition_extensions

comment The operating system installed on the system is Red Hat Enterprise Linux 3
oval oval:org.mitre.oval:def:11782
comment CentOS Linux 3.x
oval oval:org.mitre.oval:def:16651
comment The operating system installed on the system is Red Hat Enterprise Linux 4
oval oval:org.mitre.oval:def:11831
comment CentOS Linux 4.x
oval oval:org.mitre.oval:def:16636
comment Oracle Linux 4.x
oval oval:org.mitre.oval:def:15990
comment The operating system installed on the system is Red Hat Enterprise Linux 5
oval oval:org.mitre.oval:def:11414
comment The operating system installed on the system is CentOS Linux 5.x
oval oval:org.mitre.oval:def:15802
comment Oracle Linux 5.x
oval oval:org.mitre.oval:def:15459

description

family

unix

oval:org.mitre.oval:def:9761

status

accepted

submitted

2010-07-09T03:56:16-04:00

title

version

Redhat

rpms

python-0:2.4.3-24.el5_3.6
python-debuginfo-0:2.4.3-24.el5_3.6
python-devel-0:2.4.3-24.el5_3.6
python-tools-0:2.4.3-24.el5_3.6
tkinter-0:2.4.3-24.el5_3.6
python-0:2.3.4-14.7.el4_8.2
python-debuginfo-0:2.3.4-14.7.el4_8.2
python-devel-0:2.3.4-14.7.el4_8.2
python-docs-0:2.3.4-14.7.el4_8.2
python-tools-0:2.3.4-14.7.el4_8.2
tkinter-0:2.3.4-14.7.el4_8.2
python-0:2.2.3-6.11
python-debuginfo-0:2.2.3-6.11
python-devel-0:2.2.3-6.11
python-tools-0:2.2.3-6.11
tkinter-0:2.2.3-6.11

Seebug

bulletinFamily	exploit
description	BUGTRAQ ID: 30491 CVE ID：CVE-2008-2315 CVE-2008-2316 CVE-2008-3142 CVE-2008-3143 CVE-2008-3144 CNCVE ID：CNCVE-20082315 CNCVE-20082316 CNCVE-20083142 CNCVE-20083143 CNCVE-20083144 Python是一款开放源代码的脚本编程语言。 Python中存在多个整数溢出漏洞，远程攻击者可以利用漏洞对应用程序进行拒绝服务或者任意代码执行攻击。 1) stringobject、unicodeobject、bufferobject、longobject、tupleobject、stropmodule、gcmodule、mmapmodule等核心模块中存在各种整数溢出。 2) hashlib模块中的整数溢出可导致不可信的加密摘要结果。 3) 在处理unicode字符串时unicode_resize()中的整数溢出可能在32位系统上出现缓冲区溢出错误。以下是有漏洞的代码段： static int unicode_resize(register PyUnicodeObject unicode, Py_ssize_t length) { [...] oldstr = unicode->str; PyMem_RESIZE(unicode->str, Py_UNICODE, length + 1); [...] unicode->str[length] = 0; unicode->length = length; #define PyMem_RESIZE(p, type, n) \ ( assert((n) <= PY_SIZE_MAX / sizeof(type)) , \ ( (p) = (type ) PyMem_REALLOC((p), (n) * sizeof(type)) ) ) 4) 在没有vsnprintf()函数的架构上，PyOS_vsnprintf()函数中存在整数溢出漏洞。以下是有漏洞的代码段： int PyOS_vsnprintf(char str, size_t size, const char format, va_list va) { int len; /* # bytes written, excluding \0 / [...] assert(str != NULL); assert(size > 0); assert(format != NULL); [...] / Emulate it. / buffer = PyMem_MALLOC(size + 512); if (buffer == NULL) { len = -666; goto Done; } len = vsprintf(buffer, format, va); if (len < 0) / ignore the error /; else if ((size_t)len >= size + 512) Py_FatalError("Buffer overflow in PyOS_snprintf/PyOS_vsnprintf"); else { const size_t to_copy = (size_t)len < size ? (size_t)len : size - 1; assert(to_copy < size); memcpy(str, buffer, to_copy); str[to_copy] = '\0'; } PyMem_FREE(buffer); Done: [...] str[size-1] = '\0'; return len; } 5) 当0长度的字符串发送给PyOS_vsnprintf()函数，就可能触发整数溢出，导致内存破坏。以下是有漏洞的代码段： int PyOS_vsnprintf(char str, size_t size, const char format, va_list va) { int len; / # bytes written, excluding \0 / #ifndef HAVE_SNPRINTF char buffer; #endif assert(str != NULL); assert(size > 0); assert(format != NULL); [...] len = vsnprintf(str, size, format, va); [...] str[size-1] = '\0'; return len; } Ubuntu Ubuntu Linux 8.04 LTS sparc Ubuntu Ubuntu Linux 8.04 LTS powerpc Ubuntu Ubuntu Linux 8.04 LTS lpia Ubuntu Ubuntu Linux 8.04 LTS i386 Ubuntu Ubuntu Linux 8.04 LTS amd64 Ubuntu Ubuntu Linux 7.10 sparc Ubuntu Ubuntu Linux 7.10 powerpc Ubuntu Ubuntu Linux 7.10 lpia Ubuntu Ubuntu Linux 7.10 i386 Ubuntu Ubuntu Linux 7.10 amd64 Ubuntu Ubuntu Linux 7.04 sparc Ubuntu Ubuntu Linux 7.04 powerpc Ubuntu Ubuntu Linux 7.04 i386 Ubuntu Ubuntu Linux 7.04 amd64 Ubuntu Ubuntu Linux 6.06 LTS sparc Ubuntu Ubuntu Linux 6.06 LTS powerpc Ubuntu Ubuntu Linux 6.06 LTS i386 Ubuntu Ubuntu Linux 6.06 LTS amd64 Slackware Linux 10.2 Slackware Linux 10.1 Slackware Linux 12.1 Slackware Linux 12.0 Slackware Linux 11.0 Slackware Linux -current Python Software Foundation Python 2.5.2 Python Software Foundation Python 2.5.1 Python Software Foundation Python 2.4.4 Python Software Foundation Python 2.4.3 + Trustix Secure Linux 3.0.5 Python Software Foundation Python 2.4.2 Python Software Foundation Python 2.4.1 Python Software Foundation Python 2.4 Python Software Foundation Python 2.3.6 Python Software Foundation Python 2.3.5 Python Software Foundation Python 2.3.4 + MandrakeSoft Linux Mandrake 10.1 x86_64 + MandrakeSoft Linux Mandrake 10.1 + S.u.S.E. Linux Personal 9.2 x86_64 + S.u.S.E. Linux Personal 9.2 + Ubuntu Ubuntu Linux 4.1 ppc + Ubuntu Ubuntu Linux 4.1 ia64 + Ubuntu Ubuntu Linux 4.1 ia32 Python Software Foundation Python 2.3.3 + MandrakeSoft Corporate Server 3.0 x86_64 + MandrakeSoft Corporate Server 3.0 + MandrakeSoft Linux Mandrake 10.0 AMD64 + MandrakeSoft Linux Mandrake 10.0 + MandrakeSoft Linux Mandrake 9.2 amd64 + MandrakeSoft Linux Mandrake 9.2 + S.u.S.E. Linux Personal 9.0 x86_64 + S.u.S.E. Linux Personal 9.0 Python Software Foundation Python 2.3.2 Python Software Foundation Python 2.3.1 Python Software Foundation Python 2.3 b1 Python Software Foundation Python 2.3 + S.u.S.E. Linux Personal 9.0 x86_64 + S.u.S.E. Linux Personal 9.0 Python Software Foundation Python 2.2.3 + RedHat Desktop 3.0 + RedHat Enterprise Linux AS 3 + RedHat Enterprise Linux ES 3 + RedHat Enterprise Linux WS 3 + Ubuntu Ubuntu Linux 4.1 ppc + Ubuntu Ubuntu Linux 4.1 ia64 + Ubuntu Ubuntu Linux 4.1 ia32 Python Software Foundation Python 2.2.2 + OpenPKG OpenPKG 1.2 + RedHat Linux 7.3 + S.u.S.E. Linux Personal 8.2 Python Software Foundation Python 2.2.1 + Debian Linux 3.0 sparc + Debian Linux 3.0 s/390 + Debian Linux 3.0 ppc + Debian Linux 3.0 mipsel + Debian Linux 3.0 mips + Debian Linux 3.0 m68k + Debian Linux 3.0 ia-64 + Debian Linux 3.0 ia-32 + Debian Linux 3.0 hppa + Debian Linux 3.0 arm + Debian Linux 3.0 alpha + Debian Linux 3.0 + Gentoo Linux 1.4 _rc1 + Gentoo Linux 1.2 + MandrakeSoft Corporate Server 2.1 x86_64 + MandrakeSoft Corporate Server 2.1 + MandrakeSoft Linux Mandrake 9.0 + OpenPKG OpenPKG 1.1 + S.u.S.E. Linux 8.1 Python Software Foundation Python 2.2 + Conectiva Linux 8.0 + MandrakeSoft Linux Mandrake 8.2 ppc + MandrakeSoft Linux Mandrake 8.2 + MandrakeSoft Linux Mandrake 8.1 ia64 + MandrakeSoft Linux Mandrake 8.1 Python Software Foundation Python 2.1.3 + Debian Linux 3.0 Python Software Foundation Python 2.1.2 Python Software Foundation Python 2.1.1 + RedHat Linux 7.2 + Sun Linux 5.0.7 Python Software Foundation Python 2.1 + Conectiva Linux 7.0 + Debian Linux 3.1 sparc + Debian Linux 3.1 s/390 + Debian Linux 3.1 ppc + Debian Linux 3.1 mipsel + Debian Linux 3.1 mips + Debian Linux 3.1 m68k + Debian Linux 3.1 ia-64 + Debian Linux 3.1 ia-32 + Debian Linux 3.1 hppa + Debian Linux 3.1 arm + Debian Linux 3.1 amd64 + Debian Linux 3.1 alpha + Debian Linux 3.1 + Debian Linux 3.0 sparc + Debian Linux 3.0 s/390 + Debian Linux 3.0 ppc + Debian Linux 3.0 mipsel + Debian Linux 3.0 mips + Debian Linux 3.0 m68k + Debian Linux 3.0 ia-64 + Debian Linux 3.0 ia-32 + Debian Linux 3.0 hppa + Debian Linux 3.0 arm + Debian Linux 3.0 alpha + Debian Linux 3.0 Python Software Foundation Python 2.0.1 Python Software Foundation Python 2.0 + MandrakeSoft Linux Mandrake 8.0 ppc + MandrakeSoft Linux Mandrake 8.0 Python Software Foundation Python 2.5 Gentoo Linux Gentoo ------ Gentoo可参考如下安全公告获得相应补丁: <a href=http://security.gentoo.org/glsa/glsa-200807-16.xml target=_blank>http://security.gentoo.org/glsa/glsa-200807-16.xml</a> Python 2.4用户应升级到最新版本： # emerge --sync # emerge --ask --oneshot --verbose ">=dev-lang/python-2.4.4-r14" Python 2.5用户应升级到最新版本： # emerge --sync # emerge --ask --oneshot --verbose ">=dev-lang/python-2.5.2-r6" Python已经发布了升级补丁以修复这个安全问题，请到厂商的主页下载： <a href=http://svn.python.org/view?rev=65335&view=rev target=_blank>http://svn.python.org/view?rev=65335&view=rev</a>
id	SSV:3800
last seen	2017-11-19
modified	2008-08-07
published	2008-08-07
reporter	Root
title	Python存在多个缓冲区溢出漏洞

bulletinFamily	exploit
description	BUGTRAQ ID: 30491 CVE(CAN) ID: CVE-2008-2315,CVE-2008-2316,CVE-2008-3142,CVE-2008-3143,CVE-2008-3144 Python是一种开放源代码的脚本编程语言。 Python中存在多个整数溢出漏洞，可能允许恶意用户导致拒绝服务或入侵有漏洞的系统。 1) stringobject、unicodeobject、bufferobject、longobject、tupleobject、stropmodule、gcmodule、mmapmodule等核心模块中存在各种整数溢出。 2) hashlib模块中的整数溢出可能导致不可信任的加密摘要结果。 3) 在处理unicode字符串时unicode_resize()中的整数溢出可能在32位系统上导致错误的内存分配。以下是有漏洞的代码段： 174 static 175 int unicode_resize(register PyUnicodeObject unicode, 176 Py_ssize_t length) 177 { [...] 201 202 oldstr = unicode->str; 203 PyMem_RESIZE(unicode->str, Py_UNICODE, length + 1); [...] 209 unicode->str[length] = 0; 210 unicode->length = length; 211 95 #define PyMem_RESIZE(p, type, n) \ 96 ( assert((n) <= PY_SIZE_MAX / sizeof(type)) , \ 97 ( (p) = (type ) PyMem_REALLOC((p), (n) * sizeof(type)) ) ) 4) 在不存在vsnprintf()函数的架构上，PyOS_vsnprintf()函数中存在整数溢出漏洞。以下是有漏洞的代码段： 53 int 54 PyOS_vsnprintf(char str, size_t size, const char format, va_list va) 55 { 56 int len; /* # bytes written, excluding \0 / [...] 60 assert(str != NULL); 61 assert(size > 0); 62 assert(format != NULL); 63 [...] 67 / Emulate it. / 68 buffer = PyMem_MALLOC(size + 512); 69 if (buffer == NULL) { 70 len = -666; 71 goto Done; 72 } 73 74 len = vsprintf(buffer, format, va); 75 if (len < 0) 76 / ignore the error /; 77 78 else if ((size_t)len >= size + 512) 79 Py_FatalError("Buffer overflow in PyOS_snprintf/PyOS_vsnprintf"); 80 81 else { 82 const size_t to_copy = (size_t)len < size ? 83 (size_t)len : size - 1; 84 assert(to_copy < size); 85 memcpy(str, buffer, to_copy); 86 str[to_copy] = '\0'; 87 } 88 PyMem_FREE(buffer); 89 Done: [...] 91 str[size-1] = '\0'; 92 return len; 93 } 5) 如果向PyOS_vsnprintf()函数传送了0长度的字符串的话，就可能触发整数溢出，导致内存破坏。以下是有漏洞的代码段： 53 int 54 PyOS_vsnprintf(char str, size_t size, const char format, va_list va) 55 { 56 int len; / # bytes written, excluding \0 / 57 #ifndef HAVE_SNPRINTF 58 char buffer; 59 #endif 60 assert(str != NULL); 61 assert(size > 0); 62 assert(format != NULL); [...] 65 len = vsnprintf(str, size, format, va); [...] 91 str[size-1] = '\0'; 92 return len; 93 } python 2.5.x python 2.4.x 厂商补丁： Gentoo ------ Gentoo已经为此发布了一个安全公告（GLSA-200807-16）以及相应补丁: GLSA-200807-16：Python: Multiple vulnerabilities 链接：<a href=http://security.gentoo.org/glsa/glsa-200807-16.xml target=_blank>http://security.gentoo.org/glsa/glsa-200807-16.xml</a> 所有Python 2.4用户都应升级到最新版本： # emerge --sync # emerge --ask --oneshot --verbose ">=dev-lang/python-2.4.4-r14" 所有Python 2.5用户都应升级到最新版本： # emerge --sync # emerge --ask --oneshot --verbose ">=dev-lang/python-2.5.2-r6" Python ------ 目前厂商已经发布了升级补丁以修复这个安全问题，请到厂商的主页下载： <a href=http://svn.python.org/view?rev=65335&view=rev target=_blank>http://svn.python.org/view?rev=65335&view=rev</a>
id	SSV:3787
last seen	2017-11-19
modified	2008-08-06
published	2008-08-06
reporter	Root
title	Python多个整数溢出漏洞

Summary

Vulnerable Configurations

Common Weakness Enumeration (CWE)

Common Attack Pattern Enumeration and Classification (CAPEC)

Nessus

Oval

Redhat

Seebug

References